Authenticating for an API

Overview

When importing data via HTTP, you sometimes need to provide authentication to an external site. There are 2 parts to this:

  1. Storage - To store the username and password, use one of the following methods:
  2. Usage - To use the username and password
    1. In analysis models, connect the HTTP datasource to a HTTP modelling object:
    2. In the expression within the modelling object, reference the username, password. Expression fields are: 
      • HTTP collectors and HTTP exporters → URL Expression or Statement Expression 
      • HTTP Headers Properties → Basic Settings → Value.

Using an HTTP Datasource Instance 


This method stores a username and password in plain text in the PhixFlow database.

Step 1 Store:

  1. Open a HTTP datasource properties
  2. in the HTTP Datasource Instances section add a new instance
  3. In the instance, enter the details for the Name, Username and Password properties.
  4. Tick Enabled.
  5. Save the properties.

Step 2: Use:

To use a username or password in an expression, specify the following variables:

PropertiesVariable
Username %USERNAME%
Password%PASSWORD%.

When you run analysis, PhixFlow looks in the associated HTTP datasource instance for the value set in the Username and Password properties and uses them to authenticate to the external site.

Using the PhixFlow Secret Key 

Step 1 Store:

To store a username and password encrypted in PhixFlow, configure a key/value pair using the secret key. 

  1. In a HTTP datasource properties → Secret Key Details section, click  Add New to create a new secret key. PhixFlow opens the secet key properties.
  2. Enter a Name and click  Save.
  3. PhixFlow automatically creates a key for this secret. The key is a combination of the name and a string that is the internal ID of the HTTP datasource.
  4. In the Secret field, click  Add New to create the associated value. PhixFlow opens the new local secret properties.
  5. In the local secret → Secret field, add the value, which PhixFlow stores encrypted.
  6.   Click  OK to save and close the local secret.
  7. PhixFlow adds a string of asterisks *** to the Secret field to show you have configured the value.
  8. Click  OK to save and close the secret key.

For details of the properties of a secret key, see Secret Key and Local Secret.

Step 2: Use:

In an expression, specify 2 keys, one for the username and one for the password, using
    ${_datasource.key}  where key is the Name of the secret key.                                                                                            

When you run analysis, PhixFlow looks in the associated HTTP datasource for the specified key and provides the de-encrypted value to authenticate to the external site.

Using the Keystore 

If your PhixFlow instance has a Java keystore, you can use this to store usernames and passwords instead of using a local secret. This option is the most secure, but requires administrator access to the keystore.

Step 1 Create the key:

To create a key for the username or password: 

  1. In a HTTP datasource properties → Secret Key Details section, click  Add New to create a new secret key. PhixFlow opens the secet key properties.
  2. Enter a Name and click  Save.
  3. PhixFlow automatically creates a key for this secret. The key is a combination of the name and a string that is the internal ID of the HTTP datasource.
  4. Copy the key to use in the keystore.
  5. Click  OK to save and close the secret key.

For details of the properties of a secret key, see Secret Key and Local Secret.

Step 2: Store:

In the keystore, use the copied key and the username/password values to store key-value pairs; see Adding Data to a Keystore.

Step 3: Use:

In an expression, specify 2 keys, one for the username and one for the password, using
    ${_datasource.key}  where key is the Name of the secret key.                                                                                            

When you run analysis, PhixFlow looks for the specified key:

  • first in the associated HTTP datasource
  • then in the keystore.

PhixFlow provides the de-encrypted value to authenticate to the external site.

It is possible to create and to use a key without adding the associated value to:

  • either the local secret
  • or the keystore

If you run analysis on a model containing an HTTP object that cannot find a value for a key, it will cause an error.

Learn More

For links to all pages in this topic, see Analysis Models for Batch Processing Data.


Terminology changes in progress

As part of the redesign of PhixFlow, we are changing the following terms:

dashboard → screen   
stream → table
stream attributes → attributes
stream item → record
stream set → recordset
stream view → view
stream item action → record-action 
stream action → table-action
driver class → database driver